Key Considerations for the 2024 Annual Reporting Season: Your Upcoming Form 20-F and other FPI-Specific Considerations

36 min read

Click here to download full PDF 'Key Considerations for the 2024 Annual Reporting Season: Your Upcoming Form 20-F and other FPI-Specific Considerations' ››

This memorandum outlines key considerations from White & Case's Public Company Advisory Group for foreign private issuers ("FPIs") during the 2024 annual reporting season, divided into two sections: Form 20-F Housekeeping Considerations in Part I below, and Disclosure Considerations in Part II below.

Part I: Housekeeping Considerations

Our housekeeping reminders for preparing Annual Reports on Form 20-F are as follows:

1. Remember to add the two new check box disclosures to the Form 20-F cover page and confirm whether or not to check these new boxes. Starting December 1, 2023, public companies are required to have in place a clawback policy that is compliant with stock exchange listing standards adopted pursuant to the SEC's new clawback rules. As explained in SEC C&DI 104.19, companies must now add two related check box disclosures to the cover page of their Form 20-Fs as follows:

New Check Box #1: If securities are registered pursuant to Section 12(b) of the Act, indicate by check  mark whether the financial statements of the registrant included in the filing reflect the correction of an error to previously issued financial statements. 

New Check Box #1: Considerations for Box Checking. For New Check Box #1, companies need to confirm if their Form 20-F filing reflects the "correction of an error to previously issued financial statements." Three items of note for this analysis:

(1) Exclude Adjustments Recorded in Current Period. An "error" is defined in Accounting Standards Codification Topic 250, Accounting Changes and Error Corrections,1 but the error only requires a company to check the box if it relates to "previously issued" financial statements—not financial statements for the current period.2

(2) Exclude Changes that Are Not "Error Corrections." If a change to the financial statements does not represent an error correction under accounting standards (for example, the retrospective revision to reportable segment information, or the retrospective application of a change in accounting principle),3 then a company should not check this first box.

(3) Exclude Errors Only Affecting Interim Periods. If an error only affects financial statements of interim periods (rather than annual periods), the Staff has indicated that it would not object to an issuer's decision not to check the box.4

New Check Box #2: Indicate by check mark whether any of those error corrections are restatements that required a recovery analysis of incentive-based compensation received by any of the registrant's executive officers during the relevant recovery period pursuant to §240.10D-1(b).

New Check Box #2: Considerations for Box Checking. For New Check Box #2, companies need to confirm if an error correction resulted in a financial restatement that "required a recovery analysis of incentive-based compensation received by any of the [company's] executive officers during the relevant recovery period." A "Big R" or "little r" restatement can trigger the checking of this new box, although we believe appropriate exceptions may occur, such as when a company does not award incentive-based compensation to executive officers or a company is otherwise not "required" under applicable rules to perform a recovery analysis of incentive-based compensation received by executive officers.5

2. Review your exhibit list and remember to file your new clawback policy exhibit. For your exhibit list, remember to (1) confirm inclusion of all required exhibits in accordance with Item 19 of Form 20-F, including exhibits filed since last year's Form 20-F or Form 6-K required to be included in the Form 20-F and the newly required clawback policy under Instruction 97 to Item 19 of Form 20-F;6 (2) remove outdated exhibits no longer required to be filed, such as material contracts that have been fully performed; and (3) confirm permissible redactions and omissions in filed exhibits under Item 19 of Form 20-F (see our 2023 Annual Memo's Housekeeping Considerations for further information on these permissible redactions and omissions).

  • New clawback policy exhibit. Since public companies are now required to have in place a clawback policy pursuant to stock exchange listing standards and SEC Rule 10D-1, remember to EDGARize and file this newly required clawback policy as Exhibit 97 to your Form 20-F. For the 20-F exhibit list, companies can use a description aligned with Instruction 97 to Item 19 of Form 20-F; i.e., Policy relating to recovery of erroneously awarded compensation, as required by applicable listing standards adopted pursuant to 17 CFR 240.10D-1. In line with this description, the new clawback exhibit item only applies to the newly required clawback policy adopted pursuant to stock exchange and SEC rules, rather than any other type of clawback policy that a company voluntarily has in place (such as a discretionary clawback triggered by misconduct or reputational harm).

3. Confirm your Filing Status for 2024. As with every year, it is important to confirm your filing status in order to appropriately complete the checkboxes on your Form 20-F cover page. For an FPI, filing status will impact (i) to the extent applicable, whether it continues to qualify as an emerging growth company ("EGC") (i.e., until the first fiscal year where an issuer becomes a "large accelerated filer"), and (ii) whether it is subject to SOX 404(b) auditor attestation requirements (which apply once an issuer becomes an "accelerated filer" or a "large accelerated filer").

Filing status does not affect the filing deadline. This year's Form 20-F is due on Tuesday, April 30, 2024, for all calendar year-end FPIs, regardless of filing status. However, where a calendar year-end FPI has an effective shelf registration statement on Form F-1 or F-3 (e.g., for resales by selling shareholders) and plans to allow uninterrupted sales of securities from its registration statement, SEC rules require that the company file its audited FYE 2023 financial statements by March 31, 2024, which may push up the Form 20-F deadline to such earlier deadline. For more information, see "2. Considerations for Outstanding Registration Statements" in Appendix A.

For companies that experienced stock price volatility in the recently completed fiscal year, re-assessing filing status is even more important. To confirm your filing status, keep in mind that:

  • Determining Public Float: Public float is central to calculating your filing status and is computed as of the last business day of the company's most recently completed second fiscal quarter (June 30, 2023, for calendar year-end companies) by multiplying (a) the number of shares of common stock or ordinary shares on that day held by non-affiliates7 by (b) the closing stock price on that day. As a result, confirming the identity and holdings of affiliates and subtracting out those shares is critical for an accurate calculation of "public float."
  • Large Accelerated, Accelerated and Non-Accelerated Thresholds: The public float thresholds for initial qualifications are set forth in Rule 12b-2 of the Exchange Act, but if your company previously qualified as a "large accelerated filer" or an "accelerated filer," the thresholds to now move into accelerated or non-accelerated status are different and lower than those required for the initial qualification (e.g., less than $560 million as opposed to $700 million for accelerated filer status and less than $60 million as opposed to $75 million for non-accelerated filer status).8
  • Emerging Growth Company (EGC) Status Check: If your company is an EGC, remember to annually assess whether you have ceased to qualify as an EGC based on: (1) having total annual gross revenues of $1.235 billion or more; (2) the passage of time beyond the fifth anniversary of the first date common equity was sold pursuant to an effective registration statement; (3) the issuance of more than $1 billion in non-convertible debt in the previous three years; or (4) becoming a large accelerated filer. See the definition of "emerging growth company" in Rule 12b-2.

4. Remember to Add Items 16J and 16K. Form 20-F now has two new items: (i) Item 16J, "Insider trading policies"; and (ii) Item 16K, "Cybersecurity." The disclosure under Item 16K is required for all Form 20-Fs filed for fiscal years ending on or after December 15, 2023. For more information, see "Part II: Disclosure Considerations—1. Cybersecurity."

The disclosure under Item 16J (which includes a statement of whether the issuer has adopted an insider trading policy, the reasons why, if not, and a requirement that the policy be filed as an exhibit to the Form 20-F) is not required for upcoming Form 20-Fs for calendar year-end companies. Instead, it is mandatory starting with the first Form 20-F that covers the first full fiscal period beginning on or after April 1, 2023 (i.e., for calendar year-end companies, Form 20-Fs filed in 2025 for fiscal year 2024 for calendar year-end companies).9 However, until this disclosure is required, we would still recommend including Item 16J in the table of contents and in the body of the filing, followed by "Not applicable."

5. Stock Repurchase Table Reminder. The SEC's new repurchase rules have now been vacated by a Fifth Circuit court decision.10 Therefore, these rules (which would have required quarterly "Form F-SR" disclosures beginning with the first full fiscal quarter beginning on or after April 1, 2024) are not in effect. However, companies are reminded that, as in the past, they must still comply with Item 16E of Form 20-F to disclose, among other items, monthly information on their repurchases.11

6. Additional Housekeeping Items. Companies are reminded to keep track of certain additional form check items in the Form 20-F, to consider the impact of their outstanding registration statements on their public filings and to review their form of D&O questionnaire for updates. Appendix A provides additional detail on all of these topics.

Part II: Disclosure Considerations

1. Cybersecurity: On July 26, 2023, the SEC adopted mandatory cybersecurity disclosure requirements, which must be provided in a new section (Part III, Item 16K) of upcoming Form 20-Fs for calendar year-end companies. The new disclosure is required for all Form 20-Fs filed for fiscal years ending on or after December 15, 2023. Below, we discuss this new disclosure in more detail, including our guiding principles (in Part A below) and the specific disclosure requirements under Item 16K of Form 20-F (in Part B below).

A. Guiding Principles for Preparing New Cybersecurity Section of Annual Reports. In preparing this new disclosure, guiding principles to consider are the following:

(1) Take into Account Existing Cybersecurity Disclosures for Consistency. It will be crucial for SEC and website disclosures to be consistent and provide coherent information for investors about a company's cybersecurity risk management processes. As such, companies should consider and review their existing cybersecurity disclosure for consistency across their:

  • SEC filings, including in Risk Factors (Item 3.D), Business (Item 4) and MD&A (Item 5) sections of Form 20-Fs, including any descriptions of board oversight of cybersecurity risks.
  • Sustainability reports posted on corporate websites, as well as any other relevant disclosures made on such websites, in press releases and at investor conferences.

(2) Establish controls and vetting processes to confirm accuracy. The new cybersecurity disclosures in Form 20-Fs will need to be thoroughly vetted among responsible stakeholders internally to confirm accuracy and alignment with the company's own internal risk profile. The SEC's recent enforcement action against SolarWinds emphasizes the importance of aligning disclosures with a company's own internal documentation. For example, in the same month that SolarWinds disclosed only generic and hypothetical cybersecurity risk disclosures, the CISO wrote in an internal presentation that SolarWinds' "current state of security leaves us in a very vulnerable state for our critical assets."

(3) Collect and confirm disclosure sub-certifications. Sub-certifications signed by responsible internal stakeholders should cover this new section of the 20-F to support the CEO and CFO's Sarbanes-Oxley certifications filed with the 20-F. In particular, the SolarWinds enforcement action highlights the importance of confirming that certifications are accurate when signed, as well as the involvement of the CISO in Disclosure Committee meetings.12

B. Disclosure Requirements for New Cybersecurity Section of Annual Reports. For their new cybersecurity section in Form 20-Fs, companies should confirm compliance with the new line item requirements in Item 16K of Regulation S-K, as summarized below.

Risk Management and Strategy. Under new Item 16K(b)(1), companies must:

Describe the registrant's processes, if any, for assessing, identifying and managing material risks13 from cybersecurity threats in sufficient detail for a reasonable investor to understand those processes. In providing such disclosure, a registrant should address, as applicable, the following non-exclusive list of disclosure items:

(i) Whether and how any such processes have been integrated into the registrant's overall risk management system or processes.

(ii) Whether the registrant engages assessors, consultants, auditors, or other third parties in connection with any such processes.14

(iii) Whether the registrant has processes to oversee and identify such risks from cybersecurity threats associated with its use of any third-party service provider.

The SEC's purpose in adopting new disclosure items in Item 16K(b)(1) was to "allow investors to ascertain a registrant's cybersecurity practices, such as whether they have a risk assessment program in place, with sufficient detail for investors to understand the registrant's cybersecurity risk profile," while at the same time avoiding details that "could increase a company's vulnerability to cyberattack."15 In recent remarks, SEC Corporation Finance ("Corp Fin") Director Erik Gerding also noted that, unlike the proposed rule, these requirements focus more broadly on a company's cybersecurity processes, providing companies with a non-exclusive list of disclosure items and recognizing that companies will have "diverse approaches to cybersecurity, based on their particular circumstances."16

Cybersecurity Threat Disclosure. Under new Item 16K(b)(2), companies must:

Describe whether any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect the registrant, including its business strategy, results of operations, or financial condition and if so, how.

This new requirement in Item 16K(b)(2) was proposed in 2022 by the SEC to "equip investors to better comprehend the level of cybersecurity risk the company faces" and "assess the company's preparedness regarding such risk," but also aligns with the SEC's 2018 guidance, which encourages companies to address the impact of any prior cybersecurity incidents in their risk factors. We expect many companies to provide a cross-reference to existing risk factor disclosure on this point and to consider, as appropriate, any additional disclosure to address and clarify whether or not any cybersecurity incidents experienced to date have constituted a material cybersecurity incident. As the SEC noted, companies should likewise consider whether they need to revisit or refresh any previous disclosure made about cybersecurity incidents as they prepare this disclosure, including during the process of investigating a cybersecurity incident.17

Governance Board Disclosure. Under new Item 16K(c)(1), companies must:

Describe the board of directors' oversight of risks from cybersecurity threats.

If applicable, identify any board committee or subcommittee responsible for the oversight of risks from cybersecurity threats and describe the processes by which the board or such committee is informed about such risks.

For this requirement in Item 16K(c)(1), although the SEC opted not to adopt a proposal to require disclosure of the frequency of board and committee discussions, the SEC specifically noted in the adopting release that the disclosure may include discussion of frequency, including the board or board committee's reliance on "periodic (e.g., quarterly) presentations by the registrant's chief information security officer to inform its consideration of risks from cybersecurity threats."18 Notably, the SEC also removed its proposed requirement that companies disclose whether any directors have cybersecurity expertise, noting that "effective cybersecurity processes are designed and administered largely at the management level and that directors with broad-based skills in risk management and strategy often effectively oversee management's efforts without specific subject matter expertise as they do with other sophisticated technical matters."19

Governance Management Disclosure. Under new Item 16K(c)(2), companies must:

Describe management's role in assessing and managing the registrant's material risks from cybersecurity threats. In providing such disclosure, a registrant should address, as applicable, the following non-exclusive list of disclosure items:

(i) Whether and which management positions or committees are responsible for assessing and managing such risks, and the relevant expertise of such persons or members in such detail as necessary to fully describe the nature of the expertise. Relevant expertise may include, for example, prior work experience in cybersecurity; any relevant degrees or certifications; any knowledge, skills or other background in cybersecurity.

(ii) The processes by which such persons or committees are informed about and monitor the prevention, detection, mitigation, and remediation of cybersecurity incidents.

(iii) Whether such persons or committees report information about such risks to the board of directors or a committee or subcommittee of the board of directors.

For this requirement in Item 16K(c)(2), the SEC noted that this list is a "non-exclusive list" that companies should consider when describing management's role in cybersecurity oversight, and that this disclosure would "typically encompass identification of whether a registrant has a chief information security officer [(CISO)] or someone in a comparable position." The detailed information required about the CISO's background (including the CISO's prior work experience, knowledge, skills and degrees or certifications held) is notable in that it goes beyond current disclosure requirements regarding other members of company management.

2. Review your XBRL Disclosures for Consistency: In September 2023, Corp Fin Staff published a Sample Comment Letter Regarding XBRL Disclosures, which highlights XBRL tagging issues and errors on which the SEC is focusing. The sample comments focus on inconsistent disclosures including:

(i) outstanding shares reported on the cover page and balance sheet being tagged with materially different values; and

(ii) using different XBRL elements to tag the same line item from period to period, without including an analysis as to how the company concluded that the results reported necessitated the change in  the element.

The SEC's sample comment letter also address custom tagging issues.20 The Staff emphasized the importance of providing consistent and accurate information throughout a registrant's filings, and cautioned that companies may be asked to amend or revise their disclosures if they failed to comply with the EDGAR Filer Manual.21 Companies should therefore review the required XBRL data to confirm they are tagging information appropriately. This could include designating members of the financial reporting team to receive technical training on XBRL so they can review tagging for accuracy and consistency.

3. Remember to Update Risk Factors. Risk factor disclosure is a critical part of the Form 20-F, and there were many developments in 2023 that companies should consider as they draft their risk factors. These considerations include developments with respect to (1) cybersecurity, (2) artificial intelligence, (3) international geopolitics, (4) climate, and (5) internal controls. For a discussion of these developments and important tips for drafting risk factors, see our recent client alert Key Considerations for Updating 2023 Annual Report Risk Factors.

4. MD&A Considerations. MD&A remained one of the top targets of SEC Staff comments, with the majority of this year's comments focused on disclosures about results of operations. Many comments related to a company's lack of sufficiently detailed disclosures about the reasons for material period-to-period changes in the financial statement line items. These included comments reminding companies that if two or more factors contributed to a material period-to-period change in a financial statement line item or subtotal, Item 5 of Form 20-F requires disclosure of the reasons for material changes, in quantitative and qualitative terms, for each factor, including where material changes within a line item offset one another.22 Comments have also asked about the effects of macroeconomic factors, such as inflation, interest rates and supply chain issues.23 Companies should review their MD&A disclosures to confirm the reasons for material changes are disclosed with sufficient specificity to avoid these types of comments.

5. Artificial Intelligence Considerations for your Annual Report. New artificial intelligence ("AI") technologies present both significant opportunities and significant risks for companies. In addition to risk factor disclosure, companies should consider whether it is necessary or advisable to make disclosures about ways in which AI might impact their strategy, productivity, competition or product demand, which might be appropriately included in the Business section of their Form 20-F or trends sections of the MD&A. When discussing the potential impact of AI, it is important not to "AI" wash, or mislead investors as to your true artificial intelligence capabilities, which SEC Chair Gary Gensler cautioned companies against in a statement in early December. For information on addressing AI in risk factors, see our recent client alert Key Considerations for Updating 2023 Annual Report Risk Factors.

6. Mind the Non-GAAP/Non-IFRS. The SEC Staff continues to focus on non-GAAP/non-IFRS financial measures in its comment letters, following the release of updated non-GAAP/non-IFRS C&DIs in December 202224 (for a summary of these recent updates, see our "Non-GAAP/Non-IFRS Compliance -- Five Key Reminders" in our 2023 Annual Memo). It is important that companies review any non-GAAP disclosures against SEC requirements and guidance to ensure that non-GAAP measures are appropriately used and compliant with regulatory requirements.

In 2023, many of the Staff's comment letters focused on compliance with its C&DIs. For example, the Staff asked registrants whether operating expenses are "normal" or "recurring" and, therefore, whether their exclusion from a non-GAAP/non-IFRS financial measure could be misleading based on C&DI Question 100.01.25 The Staff also commented on non-GAAP adjustments to revenue and expenses that could have the effect of changing the recognition and measurement principles required by GAAP, thereby rendering them "individually tailored" and potentially resulting in a misleading measure, based on C&DI Question 100.04.26

In addition, the Staff continues to focus on whether non-GAAP/non-IFRS financial measures comply with Item 10(e) of Regulation S-K, including whether certain performance metrics should have been identified as non-GAAP/non-IFRS measures and whether identified non-GAAP/non-IFRS measures are presented with the most directly comparable GAAP/IFRS financial measure at the appropriate prominence level. Item 10(e) specifically applies where FPIs include a non-GAAP/non-IFRS financial measure either in (i) a Form 20-F or (ii) a Form 6-K fully incorporated by reference into a registration statement or Form 20-F.

The scrutiny on non-GAAP/non-IFRS financial measures also came in the form of an SEC enforcement action in 2023. In March 2023, the SEC issued a cease-and-desist order to DXC Technology Company based on misleading non-GAAP disclosures in its periodic reports and earnings releases.27 According to the SEC's order, DXC materially increased its reported non-GAAP net income by misclassifying tens of millions of dollars of unrelated expenses as transaction-related costs and improperly excluded them from its non-GAAP net income, non-GAAP EPS, and other non-GAAP measures. In its order, the SEC specifically noted that the absence of a non-GAAP policy and specific disclosure controls and procedures resulted in subjective determinations    made by employees about whether such misclassified expenses were related to an actual or contemplated transaction.

7. Restatements, Internal Controls and Disclosure Controls. Restatements, internal control over financial reporting ("ICFR") and disclosure controls and procedures ("DCPs") are a recent focus of the SEC, including in recent comments made that challenge and question management of public companies regarding the following:

  • A company's materiality assessment following a company's disclosure of a "little r" restatement;28
  • The effectiveness of ICFR and DCPs when a company corrects a prior-period error;29
  • Management's judgment when it attributes a material error to a control deficiency but does not conclude that the deficiency is a material weakness;30 and
  • Disclosure stating that ICFR was ineffective (e.g., when a material weakness was identified) while simultaneously disclosing that DCPs were effective.31

In December 2023, SEC Chief Accountant Paul Munger issued a statement referencing the fact that the statement of cash flows has consistently been a leading source of "little r" restatements and emphasizing the importance of performing an "objective analysis from the perspective of a reasonable investor" when evaluating the materiality of both the financial statement and ICFR impacts of an error in the statement of cash flows.32 In light of the SEC's focus, companies should ensure they have adequate ICFR and DCPs in place and thoroughly evaluate their financial statement procedures, particularly with respect to their statement of cash flows.

8. Characterization of Legal Proceedings. It is important to avoid relying on boilerplate language such as "without merit" when characterizing legal proceedings in your SEC filings, particularly where there is at least some merit to the litigation. This is exemplified by the United States District Court for the District of Massachusetts decision in City of Fort Lauderdale Police and Firefighters' Retirement System v. Pegasystems Inc.,33 in which the plaintiff shareholders filed a class action against Pegasystems after it was ordered to pay damages in a lawsuit regarding trade secret misappropriation. Plaintiffs alleged that Pegasystems made false statements and falsely reassured investors that the claims in the trade secret matter were "without merit," which the court found actionable, explaining that "a reasonable investor could justifiably have understood [the] message that [the trade secret] claims were 'without merit' as a denial of the facts underlying [the] claims—as opposed to a mere statement that Pega[systems] had legal defenses against those claims." While a company does not have to admit any wrongdoing in its disclosure, it may not "make misleading substantive declarations regarding its beliefs about the merits of the litigation." Rather than describing legal proceedings as "without merit," language such as "we intend to contest this matter vigorously" or "we have substantial defenses" (if justifiable) may be appropriate. Legal proceedings disclosures should be carefully evaluated to ensure that the merit of any claims is appropriately characterized.

9. Climate Change and Sustainability Disclosure. Climate change remains a particularly strong focus of both the SEC and investors. In March 2022, the SEC proposed extensive climate-related disclosure requirements that, if adopted, would require US public companies to dramatically expand the climate-related disclosures in their SEC filings. While these rules are pending (potential action has been delayed until spring 2024), companies should continue to consider their existing climate-related disclosure in light of the SEC's 2010 climate change disclosure guidance.

Companies should also review their disclosures in light of the SEC's sample comment letter on climate disclosure, issued in September 2021, with which the Staff's recent comments on climate-related disclosures continue to align, including comments on:

  • Indirect consequences of climate-related business trends, such as decreased demands for goods or services that produce significant greenhouse gas emissions34
  • The physical effects of climate change on operations and results
  • Material expenditures for climate-related projects and compliance costs
  • Whether information contained in sustainability reports is material and therefore required to be included in the Form 20-F.35

In 2023, the Staff continued to issue multiple rounds of letters on climate-related disclosures, particularly if the company's initial response did not address each of the items in the initial comment letter. In several example comment letters, when a company asserted that the effects or costs of climate-related matters was not material, the Staff would ask the company to quantify the effects or costs and explain its analysis of materiality. As a result, climate-related comments had the highest average number of rounds of comments than any other comment type, and companies should carefully consider their disclosures in light of these types of comments. In addition, companies should confirm they have appropriate controls around climate disclosures to ensure that climate-related disclosures are properly supported and documented, and are consistent throughout all the company's publicly available disclosures.

10. Consider your Human Capital Management (HCM) Disclosures.36 The HCM disclosures required in the Business section of domestic issuers' Form 10-Ks are not required for FPIs, and FPIs generally are not adopting such disclosures voluntarily. However, the SEC's plan to propose expanded rules around HCM disclosure for domestic issuers, coupled with institutional investor focus on the area, suggest this could also be a focus area for Form 20-F readers, so it is important for FPIs to consider any appropriate risk factor disclosure on this topic, depending on their investor base (subject to any limitations imposed by the laws of the jurisdiction under which the registrant is organized). Companies should assess what, if any, material issues their company faces with respect to human capital resources. This could include risks related to the ability to attract and retain skilled employees, employee health and safety issues, increases in labor costs and increased employee turnover.37

As a benchmark, based on White & Case survey information of Fortune 50 companies' Form 10-K disclosure in recent years, companies have covered a broad range of topics in their HCM disclosure, including employee engagement, employee health and wellness, flexible work arrangements, pay equity and diversity, equity and inclusion ("DEI"). Although there have been substantial differences between companies' disclosures in terms of the length of their disclosure and the range of topics covered, there is a trend towards companies increasing their HCM-related disclosures, including, in some cases, an increase in quantitative information.

To the extent they will include these disclosures, companies should consider which human capital measures or objectives the board and senior management focused on during fiscal 2023, and how these should be discussed in the company's disclosure. Companies should also consider whether recent developments in their operations and industry warrant updates to their HCM disclosures, such as in light of labor inflation or cost-cutting measures in light of macroeconomic pressures.38

The following White & Case attorneys authored this alert: Maia Gez, Karen Katri, Scott Levi, Melinda Anderson, Danielle Herrick, Sarah Hernandez.

1 See Footnote 72 of the SEC adopting release on the clawback rules. 
2 As the SEC adopting release on the clawback rules notes, "sometimes the correction of an error is recorded instead in the current period financial statements – commonly referred to as an out-of-period adjustment – when the error is immaterial to the previously issued financial statements, and the correction of the error is also immaterial to the current period. We agree with that commenter that an out-of-period adjustment should not trigger a compensation recovery analysis under the final rules, because it is not an accounting restatement." 
3 For a list of retrospective changes that do not represent an error correction, see pages 37 to 38 of the SEC adopting release on the clawback rules, and the text accompanying footnotes 112 through 116, available here
4 The Center for Audit Quality posted this in its highlights from a meeting with SEC staff, in which it stated: "For example, assume a registrant presents (in an unaudited note to the financial statements for the fiscal year ended 20X3 in Form 10-K) the correction of material misstatements in its financial statements for the interim periods ended 03/31/X3, 06/30/X3, and 09/30/X3. The error only affected those interim periods. The annual periods presented in the 20X3 Form 10-K were not impacted by the errors…The staff indicated that in the above scenario, it would not object if the checkbox referred to above was not checked."
5 For companies that have a "Big R" or "little r" restatement but do not check this box, we would recommend considering a brief explanation to disclose why checking the box was not applicable or appropriate under the facts and circumstances. 
6 This includes the description of securities for securities registered under Section 12 of the Exchange Act. See Instruction 2(d) to Item 19 of Form 20-F.
7 "Holdings" only includes shares of common stock or ordinary shares that are outstanding. Thus, "holdings" excludes shares of common stock or ordinary shares that have not yet been issued but are still considered "beneficially owned" under Rule 13d-3 insofar as they can be acquired within 60 days (e.g., shares underlying exercisable options). The term "affiliate" is defined under Rule 12b-2 of the Exchange Act as "a person that directly, or indirectly through one or more intermediaries, controls, or is controlled by, or is under common control with, the person specified." An individual or entity's status as an "affiliate" is a fact-specific inquiry which must be determined by considering all relevant facts and circumstances; however, the SEC has indicated that status as an officer, director or 10% stockholder is one fact which must be taken into consideration in such inquiry. See American-Standard, SEC No-Action Letter (October 11, 1972). 
8 See Rule 12b-2 of the Exchange Act for the definitions of "large accelerated filer" and "accelerated filer" and the SEC's helpful guide for determining filing status. Each issuer should run this calculation as facts and circumstances vary depending on prior qualifications. For example, if a company had previously been a large accelerated filer, the subsequent qualification thresholds to become an accelerated filer are less than $560 million but $60 million or more, or to become a non-accelerated filer, less than $60 million, in each case, in public float. In addition, an FPI filing on Form 20-F may not qualify as a smaller reporting company.
9 In light of the increased focus on insider trading policies and the requirement to file the insider trading policy as an exhibit to the Form 20-F (starting with the Form 20-F filed in 2025 for calendar year-end companies), companies may want to take the opportunity this year to reassess their policies for the new 10b5-1 rule requirements as well as current market practice.
10 The Court's opinion is available here
11 For this purpose, keep in mind that the withholding of restricted stock (or the tendering of outstanding shares owned by an employee) to pay taxes due upon vesting must be disclosed under Item 16E of Form 20-F because the issuer is acquiring its own outstanding shares. However, if the equity at issue was never outstanding (for example, in the case of withholdings of restricted stock units, or forfeitures of restricted stock when vesting conditions have not yet been satisfied), then no such disclosure is required. See Regulation S-K Compliance and Disclosure Interpretations, Questions 149.01 and 149.02.
12 For example, the complaint notes that SolarWinds failed to follow its own certification controls "including failing to use and document a list of controls in connection with certifications by Company officials" and while the CISO certified to the effectiveness of the Company's controls, he was unable to identify the relevant controls and instead "certified based on his general sense of the quality of those controls, while failing to identify the Company's extensive shortcomings in areas such as access controls" (see page 60 of the complaint). Further, despite being aware of issues and deficiencies, "[the CISO] signed sub-certifications relied on by senior executives, confirming that all material incidents had been disclosed to the executives responsible for the Company's securities filings" (see page 51 of the complaint).
13 The SEC noted that it added a "materiality qualifier" here and that the types of risks that registrants may face include the following: "intellectual property theft; fraud; extortion; harm to employees or customers; violation of privacy laws and other litigation and legal risk; and reputational risk." See page 62 of SEC cybersecurity adopting release, available at: Final Rule: Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure.
14 Per the SEC adopting release, the rationale for this requirement regarding assessors and consultants is that the SEC understands that many registrants rely on third-party service providers for some portion of their cybersecurity and believes it "important for investors to know a registrant's level of in-house versus outsourced cybersecurity capacity," but that registrants are not required to name the third parties. See pages 63 to 64 of SEC cybersecurity adopting release, available at: Final Rule: Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure.
15 See page 61 of SEC cybersecurity adopting release, available at: Final Rule: Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure.
16 See Erik Gerding, Director Division of Corporation Finance, December 14, 2023, speech, available here; see also page 61 of SEC cybersecurity adopting release, available at: Final Rule: Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure.
17 See footnote 229 of the SEC adopting release, available at: Final Rule: Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure.
18 See page 69 of the SEC adopting release, available at: Final Rule: Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure.
19 See page 85 of the SEC adopting release, available at: Final Rule: Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure, and Erik Gerding, Director Division of Corporation Finance, December 14, 2023, speech, available here.
20 The illustrative comments provided in the sample letter, which are not an exhaustive list, addressed the following topics: (i) compliance with Inline XBRL presentation requirements; (ii) outstanding shares reported on the cover page and balance sheet that are tagged with materially different values (i.e., where one value is presented in a whole amount and the other value is presented in thousands); (iii) different XBRL elements used to tag the same reported line item on the income statement from period to period; and (vi) using a custom tag instead of an XBRL element consistent with current US GAAP in the income statement.
21 The manual is available here.
22 For example: "Item 5 of Form 20-F requires a quantitative and qualitative description of the reasons underlying material changes, including where material changes within a line item off set one another, to the extent necessary for an understanding of the company's business as a whole. Item 5.A.1. also stipulates that when there are material changes from period to period in net sales or revenue, you must "describe the extent to which such changes are attributable to changes in prices or to changes in the volume....' Given that you reported a 15.7% increase in revenues for 2022 and a 34.4% increase in revenues for 2021, it appears these disclosures should be provided. However, if you believe the information would not be material, tell us how you have formulated your view and submit the underlying numerical analysis of these details for review."
23 For example: "We note from your discussion of results of operations that general inflation was a cause of the increase in cost of sales in most regions and you specifically disclose a highly inflationary environment in Argentina. In future filings, please expand upon the principal factors contributing to your inflationary pressures, the actions planned or taken, if any, to mitigate the inflationary pressures, and quantify the resulting impact on your results of operations and financial condition."
24 Specifically, the SEC updated Non-GAAP Financial Measures C&DIs Questions 100.01, 100.04-100.06, and 102.10(a), (b) and (c), which can be found here
25 For example: "We note you adjust certain non-GAAP financial measures for 'Legal settlements and loss contingencies, net' and 'Non-cash revaluation of lease liabilities.' It appears to us that legal settlements, loss contingencies and revaluation of lease liabilities are normal recurring operating costs necessary to operate your business. Please explain to us how you determined these adjustments comply with the guidance outlined in Question 100.01 of the Division of Corporation Finance's Compliance & Disclosure Interpretations on Non-GAAP Financial Measures or tell us how you plan to revise your non-GAAP financial measures in future filings."
26 For example: "We note certain of your non-GAAP measures back out impairment of digital assets. Please explain why you believe that adjusting for impairment of digital assets provides useful information to investors given that you use your digital assets to, in part, fund your operations and also considering the recurring nature of this charge. Refer to Item 10(e)(1)(i)(C) of Regulation S-K. Please also tell us how you considered whether these measures substitute an individually tailored recognition and measurement method for those of GAAP which results in a misleading non-GAAP measure that violates Rule 100(b) of Regulation G. Please refer to Question 100.04 of the Compliance and Disclosure Interpretations on Non-GAAP Financial Measures for guidance."
27 The SEC's cease-and-desist order is available here.
28 For example, the SEC staff has questioned whether all qualitative and quantitative factors have been considered when a registrant concluded the error is not material to previously issued financial statements, pursuant to the guidance in Staff Accounting Bulletin (SAB) 99, Materiality, and ASC 250.
29 The SEC staff may request additional information such as: a detailed description of the error, including who identified the error, when and how it was identified, and whether it was the result of a control deficiency; and a description of any control deficiency identified, including the registrant's evaluation of the severity of the deficiency and any remediation plans or the rationale for the registrant's conclusion that there was not a material weakness.
30 For example: "With regard to your assessment of [ICFR], explain to us the specific nature and design of the control or controls that you believe had failed regarding this error, and describe in further detail your evaluation of the severity of the control deficiencies and how you considered whether it was reasonably possible that such control deficiencies would fail to prevent or detect a material misstatement. In this regard, it is unclear how you would be able to support a conclusion that it was not reasonably possible that the control deficiencies that led to the errors could not have resulted in a material misstatement in some future period, considering the scenarios where earnings were unusually low, and the error percentages were significantly higher, as you have shown for the second quarters of 2022 and 2021."
31 For example: "We note the disclosure that your disclosure controls and procedures were effective as of September 30, 2022. We also note your disclosure of your remediation plans for material weaknesses over internal controls. Please clarify and disclose the nature of any material weakness, its impact on your financial reporting and ICFR, and management's current plans, if any, or actions already undertaken, for remediating the material weakness. Additionally, please clarify how you can have effective disclosure controls and procedures if a material weakness does exist. We refer you to Item 308(a)(3) of Regulation S-X and 2007 interpretive guidance issued by the SEC in Release No. 34–55929. Please advise or revise."
32 See The Statement of Cash Flows: Improving the Quality of Cash Flow Information Provided to Investors.
33 No. CV 22-11220-WGY, 2023 WL 4706741 (D. Mass. July 24, 2023).
34 For example: "To the extent material, discuss the indirect consequences of climate-related regulation or business trends, such as the following: decreased demand for goods or services that produce significant greenhouse gas emission or are related to carbon-based energy sources; increased demand for goods that result in lower emissions than competing products; increased competition to develop innovative new products that result in lower emissions; increased demand for generation and transmission of energy from alternative energy sources; and any anticipated reputational risks resulting from operations or products that produce material greenhouse gas emissions."
35 For example: "We note that you provided more expansive disclosure in your corporate social responsibility report (CSR report) than you provided in your SEC filings. Please advise us what consideration you gave to providing the same type of climate-related disclosure in your SEC filings as you provided in your CSR report." 
36 For more information, see our alert, "SEC Adopts Amendments to Modernize Disclosures and Adds Human Capital Resources as a Disclosure Topic: Key Action Items and Considerations for US Public Companies." 
37 SRCs are not technically required to provide HCM disclosures, but some may do so for investor relations purposes. 
38 Additional HCM-related disclosure rules may be forthcoming for domestic issuers (likely not FPIs), as these remain on the SEC's Reg Flex Agenda for spring 2024 (available at: Agency Rule List - Fall 2023 ( At a meeting in September 2023, the SEC's Investor Advisory Committee approved subcommittee recommendations to expand required HCM disclosures to include more prescriptive disclosure requirements, such as headcount of full-time versus part-time and contingent workers, turnover metrics or comparable workforce stability measures, the total cost of the workforce broken down into components of compensation, and demographic data of workforce diversity across gender, race/ethnicity, age, disability and/or other categories.

White & Case means the international legal practice comprising White & Case LLP, a New York State registered limited liability partnership, White & Case LLP, a limited liability partnership incorporated under English law and all other affiliated partnerships, companies and entities.

This article is prepared for the general information of interested persons. It is not, and does not attempt to be, comprehensive in nature. Due to the general nature of its content, it should not be regarded as legal advice.

© 2024 White & Case LLP